Legal

Privacy Policy

How we collect, use, and protect information when you use Zebralines—and our commitment that barcode data stays in your browser.

Last updated: May 31, 2026

1. Who we are

Zebralines (“we,” “us,” or “our”) operates the Zebralines website and browser-based barcode workspace at zebralines.io (the “Service”).

This Privacy Policy explains how we collect, use, disclose, and protect information when you use the Service. It applies to visitors, registered users, and customers.

Controller / contact

2. Our core privacy commitment (barcode data)

Zebralines is designed so that barcode values, label text, CSV/spreadsheet contents, and exported image files are processed in your web browser on your device. We do not receive, store, or have access to the catalog data you use to generate barcodes as part of normal workspace operation.

When you are signed in, we may receive account and usage metadata described below (for example, your email address and aggregate counts of how many labels you generated). We do not attach your barcode values to those records.

This architectural separation is a product feature, not only a policy statement. If you use the Service without signing in, barcode generation can occur entirely locally without account data being sent to us.

3. Information we collect

3.1 Information you provide

  • Account: Email address, password (hashed by our auth provider), display name, optional company name and use-case answers — to create and manage your account and personalize onboarding.
  • Support: Name, email, company, message text, optional file attachments you upload with a ticket — to respond to support, billing, and product requests.
  • Billing: Plan selection and billing interval; payment card and billing address are collected by Dodo Payments, not stored on our servers — to process subscriptions and invoices.
  • Saved layouts (templates): Template name, barcode format type, and non-payload layout settings (stored as configuration metadata) — so you can reuse label layouts across sessions.

We instruct our systems not to store barcode payloads, SKU lists, GTINs, or row-level spreadsheet values in template configuration or usage logs.

3.2 Information collected automatically

  • Usage aggregates: Counts such as number of barcodes generated, exports triggered, or CSV imports in a period; optional opaque session identifier — to enforce plan limits, improve reliability, and understand product usage trends.
  • Technical / security: IP address, browser type, device type, timestamps, request logs — for security, fraud prevention, debugging, and service operation.
  • Authentication: Session tokens issued by our identity provider — to keep you signed in securely.
  • Website analytics: Through Plausible Analytics and Google Analytics, we collect aggregated page views, referrers, browser and device type, and coarse location (country or region) to understand traffic and how the Service is used. Barcode values, label text, CSV or spreadsheet contents, and workspace export files are not sent to analytics.

We use analytics for site and product measurement, not to sell personal information. We do not run cross-site advertising networks through these tools. Analytics does not receive catalog or barcode payloads.

3.3 Information from third-party sign-in

If you choose “Continue with Google,” we receive profile information made available by Google (such as your name and email address) according to your Google account settings and Google's policies. We use it only to create and maintain your Zebralines account.

4. How we use information

We use personal information to:

  • Provide, operate, maintain, and improve the Service
  • Authenticate users and manage accounts
  • Process subscriptions, trials, upgrades, and billing events
  • Enforce plan limits and prevent abuse
  • Communicate with you about the Service, security, or support requests
  • Comply with legal obligations and protect our rights
  • Measure website traffic and product usage through Plausible Analytics and Google Analytics (aggregate statistics only)

We use aggregate usage counts (not barcode values) to measure monthly label limits and product adoption. Analytics and account usage metrics are separate systems; neither receives your barcode catalog data.

5. How we share information

We share personal information only with:

  • Cloud infrastructure providerauthentication, database hosting, file storage for support attachments, and website/API hosting, operating under our instructions
  • Dodo Payments (or a successor payment provider) — hosted checkout, subscription management, and payment processing
  • Plausible Analytics — website analytics under our instructions (see Plausible Analytics privacy information)
  • Google Analytics — website analytics under our instructions (see Google Analytics privacy information)
  • Professional advisors — legal, accounting, or security counsel when necessary
  • Authorities — when required by law or to protect rights, safety, and security

Payment card data is handled by Dodo Payments under its own privacy and security certifications. Zebralines does not store full card numbers on our systems.

We do not sell or rent your personal information. We do not share your barcode catalog data with third parties because we do not receive it in the ordinary course of Service use.

6. Cookies and similar technologies

We use cookies and local storage as needed for:

  • Keeping you signed in
  • Remembering preferences
  • Securing the Service
  • Supporting privacy-focused analytics where applicable (see our Cookie Policy)

We do not use cookies for cross-site advertising profiles. You can control cookies through your browser settings; disabling essential cookies may limit sign-in and paid features. For details, see our Cookie Policy.

7. Data retention

  • Account profile and subscription: Until you delete your account, plus a short period for backups and legal holds
  • Usage aggregates: Until account deletion, subject to backup cycles
  • Support tickets: As long as needed to resolve the issue and meet record-keeping obligations
  • Server logs: Limited rolling retention for security and operations

When you delete your account (see Section 9), we delete or anonymize associated profile, subscription, template, and usage records through our database cascades, subject to backup lag and legal retention requirements.

8. Security

We use industry-standard measures including encryption in transit (HTTPS), access controls, and vendor security practices. No method of transmission or storage is 100% secure; you use the Service at your own risk and should protect your credentials.

9. Your rights and choices

Depending on where you live, you may have rights to:

  • Access a copy of personal information we hold about you
  • Correct inaccurate account information (via Settings or by contacting us)
  • Delete your account and associated data
  • Export certain account data where applicable
  • Object or restrict certain processing
  • Withdraw consent where processing is consent-based
  • Opt out of sale/sharing (we do not sell personal information)

Account deletion: Signed-in users can permanently delete their account from Settings → Security. Deletion removes your auth user record and cascades to profile, subscription, saved templates, and usage events in our database. Contact us if you cannot access self-serve deletion.

California residents (CCPA/CPRA): You may request access, deletion, and correction. We do not sell personal information. Authorized agents may submit requests with proof of authority.

EEA/UK (GDPR): You may lodge a complaint with your local supervisory authority. Our lawful bases include contract performance, legitimate interests (security, product improvement), and consent where required.

Australia (APPs): You may request access to and correction of personal information we hold about you.

India (DPDP Act): Where applicable, you may exercise rights such as access, correction, erasure, and grievance redressal in line with India's digital personal data protection framework. Contact us using the details below; unresolved grievances may be escalated to the Data Protection Board of India when the law requires it.

To exercise rights, email support@zebralines.io. We may verify your identity before responding.

10. International transfers

We and our subprocessors may process data in the United States and other countries. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

11. Children

The Service is not directed to children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. Contact us if you believe a child has provided data.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on the website and update the last updated date. Material changes may be notified by email or in-product notice where appropriate.

13. Governing law

This Privacy Policy is governed by the laws of India, except where mandatory law in your country of residence requires otherwise.

14. Contact

Questions about privacy: support@zebralines.io (Zebralines)

See also our Cookie Policy, Terms of Service, and Refund Policy.